rptb1
commented
1 year ago Investigation and research:
- [ ] study Apple Hardened Runtime and the requirements it meets
- [ ] investigate if there are similar initiatives on our other target platforms and how they work or will work
- [ ] consider the granularity of control that MPS clients might need (global, per arena, per pool class, per pool, per allocation, etc.)
- [ ] consider what control we can actually provide given the platforms
I expect this might all come down to a parameter at arena creation, with a possible error code if it can't be fulfilled. Not many lines of actual code.
The MPS was originally designed as a memory manager for dynamic language run-time systems (what are now often called JITs, whether or not they're "just in time") and as such has defaulted to allocating memory with executable permission. The main commercial user of the MPS is a "JIT" in this sense.
However, this does increase the attack surface for software using the MPS, and the policy ought to be under the control of the client.
Apple's Hardened Runtime now prevents execution by default in the recent macOS version 13 ("Ventura") and though we have a workaround in progress in https://github.com/Ravenbrook/mps/pull/82 we should consider how to handle this issue properly.
See also https://github.com/Ravenbrook/mps/pull/82#issuecomment-1371288892